Index index by Group index by Distribution index by Vendor index by creation date index by Name Mirrors Help Search

freeradius-server-postgresql-3.0.16-lp150.1.1 RPM for armv7hl

From OpenSuSE Ports Leap 15.0 for armv7hl

Name: freeradius-server-postgresql Distribution: openSUSE Leap 15.0
Version: 3.0.16 Vendor: openSUSE
Release: lp150.1.1 Build date: Tue May 15 19:36:16 2018
Group: System/Daemons Build host: obs-arm-5
Size: 80048 Source RPM: freeradius-server-3.0.16-lp150.1.1.src.rpm
Summary: Postgresql support for freeradius
FreeRADIUS plugin providing PostgreSQL support.




GPL-2.0 and LGPL-2.1


* Thu Jan 11 2018
  - update to 3.0.16
    Feature improvements
    * rlm_python now supports multiple lists.  From #2031.
    * Add trust router re-keying.  From #2007.
    * Add support for Samba / AD LDAP schema.
    See doc/schemas/ldap/samba/README.txt and
    * Add "tls_min_version" and "tls_max_version" to EAP module
    for Debian OpenSSL issues.
    * Better documentation for client certificates in PEAP and TTLS:
    it usually doesn't work.  Fixes #2068.
    * Distinguish login failure from AD unavailable.  Fixes #2069.
    * Update RH spec files.  Fixes #2070.
    * Run Post-Proxy-Type if all home servers are dead.
    Fixes #2072.
    * Print offending IP addresses when EAP sessions come from
    two upstream home servers, and rate-limit the messages.
    * Minor packaging updates.
    * Better documentation for rlm_rest.
    * EAP-FAST now has it's own "cipher_list", so that it is
    easier to configure.
    * EAP-FAST now forcibly disables TLS1.2, until such time
    as we implement the new keying mechanism from TLS1.2.
    * Add documentation for allow_expired_crl.
    * Update Debian logrotation.  #2093 and #2101.
    * DHCP relay can now drop responses.  #2095.
    * rlm_sqlippool can now assign Delegated-IPv6-Prefix.
    It also now can assign any IPv4 or IPv6 address.
    Based on patches from maximumG.  #2094.
    See raddb/mods-available/sqlippool for changes.
    * radeapclient can now use EAP-SIM-Ki to dynamically
    create the necessary triplets.
    * Explain why many LDAP connections are closed.
    Fixes #1969.
    * Debian build / package issues fixed by Matthew Newton.
    * dictionary.patton updates from Brice Schaffner.  Fixes #2137.
    * Added scripts to build "inner-server.pem", and updated
    mods-config/inner-eap and certs/README to match.
    * Added provisions for using an external CA.  See raddb/certs/
    * Include dhcpclient binary in freeradius-dhcp debian packge.
    Bug fixes
    * Bind the lifetime of program name and python path to the module
    FR-AD-002 (redone)
    * Pass correct statement length into sqlite3_prepare[_v2]
    FR-AD-003 (redone)
    * Allow 100-Continue responses with additional headers in rlm_rest.
    * fix corner case where detail files were not being locked
    * Fix (SQL-Group == "%{...}") checks, and same for LDAP-Group.
    Fixes #1947
    * Clean up exfile code.  Which should help to avoid issues
    with reading / writing 100's of detail files.
    * Fix build for winbind.  Patch from Alex Clouter.
    * Fix checkrad for Mikrotik.  Patch from Muchael Ducharme.
    * Fix home server stats lookup.  Patch from Phil Mayers.
    * Add libjson-c3 as an optional dependency.
    * Require LTB OpenLDAP on CentOS / Redhat, to avoid linking
    against NSS, which breaks the server.  Fixes #2040.
    * rlm_python fixes.  Fixes #2041
    * Typos in "man" pages.  Fixes #2045
    * Expand "next" in %{%{...}:-%{...}}.  Fixes #2048
    * Don't add TLS attributes twice.  Fixes #2050.
    * Fix memory allocation in rlm_rest.  Fixes #2051.
    * Update trustrouter for new API. Fixes #2059.
    * Fix SQLite issues on FreeBSD.  Fixes #2060
    * Don't do debug logging of bad passwords.  Fixes #2064.
    * More graceful handling of "die" in rlm_perl.  Fixes #2073.
    * Fix occasional crash when using
    cisco_accounting_username_bug = yes
    * EAP-FAST fixes from Isaac Boukris.
    [#2078], #2076, and #2082, #2126.
    * DHCP fixes, relay, #2092, add run-time check, #2028
    * Decode multiple RADIUS packets at a time in highly loaded
    RadSec connections.  Patch from Jan Tomasek.  #2106.
    * TunnelPassword is not "single value" in LDAP schema.
    Fixes #2061.
    * sql log now opens the expanded filename, not the input one.
    This was a regression introduced in 3.0.15.
    * Remove unnecessary UNIQUE constrain in Oracle schemas.
    * Fix SSL thread and locking issues when modules also use SSL.
    Fixes #2125 and #2129.
    * Re-add dhcpclient "raw packet" changes.  Patches from
    Nicolas Chaigne and Matthew Newton.  Fixes #2155.
* Tue Sep 19 2017
  - Fix permissions of radiusd.service (bnc#1053654)
* Fri Aug 25 2017
  - bsc#1055679 - freeradius-server does not provide winbind/AD auth
    Added libwbclient-devel as buildrequires
* Mon Jul 17 2017
  - update to 3.0.15 with security fixes for
    issues found via fuzzing by Guido Vranken
    * CVE-2017-10978: FR-GV-201 (v2,v3) Read / write overflow in make_secret()
    * CVE-2017-10983: FR-GV-206 (v2,v3) DHCP - Read overflow when decoding option 63
    * CVE-2017-10984: FR-GV-301 (v3) Write overflow in data2vp_wimax()
    * CVE-2017-10985: FR-GV-302 (v3) Infinite loop and memory exhaustion with 'concat' attributes
    * CVE-2017-10986: FR-GV-303 (v3) DHCP - Infinite read in dhcp_attr2vp()
    * CVE-2017-10987: FR-GV-304 (v3) DHCP - Buffer over-read in fr_dhcp_decode_suboptions()
    * CVE-2017-10988: FR-GV-305 (v3) Decode 'signed' attributes correctly
    * FR-AD-002 (v3) String lifetime issues in rlm_python
    * FR-AD-003 (v3) Incorrect statement length passed into sqlite3_prepare
* Mon May 29 2017
  - update to 3.0.14 (still FATE#322416)
    Feature improvements
    * Enforce TLS client certificate expiration on session resumption,
      and Session-Timeout. See CVE-2017-9148 (bnc#1041445)
    * Updated, dictionary.patton
    * Added dictionary.dellemc
    * Lowered the log output for failed PEAP sessions.
    * ALlow utc in rlm_date.
    * The internal OpenSSL session cache has been disabled.
      Please see mods-available/eap
    * Update detail reader documentation.
    * Make outgoing RadSec connections non-blocking.
    * Add SQL backing to Moonshot-*-TargetedId generation.
    Bug Fixes
    * radtest uses Cleartext-Password for EAP, not User-Password.
    * Update documentation for mods-enabled/ linking.
    * Enhanced checks for moonshot salt.
    * Allow session resumption for RadSec connections.
    * Update "huntgroups" file to note that port ranges are not supported
    * Fix OpenSSL permissions issues on default key files.
    * Certificates are not required when PSK is used.
    * Allow SubjectAltName as first extension in cert.
    * Fixed talloc issue with TLS session resumption.
    * "&Attr-26 := 0x01" now produces useful error messages.
    * Handle connection error in rlm_ldap_cacheable_groupobj.
    * Fix endian issues in DHCP.
    * Multiple minor fixes for Coverity complaints.
    * Handle unexpected regex.
    * Fix minor issues in dictionaries.
    * Fix typos and grammar. Patches from Alan Buxey.
    * Fix erroneous VP creation in rlm_preproces.
    * Fix MIB. Patch from Jeff Gehlbach.
    * Trust router updates from Alejandro Perez.
    * Allow build with LibreSSL.
    * Use correct packet for channel bindings.
    * Many fixes found by PVS-Studio. Thanks to PVS-Studio for giving us
      a test license. Please see the git commit history for more info.
    * Fix incorrect length check in EAP-PWD. This may be exploitable.
    * Stop rotating session database files (radutmp, radwtmp) since
      these are not logfiles.
  - freeradius-server-radiusd-logrotate.patch: updated
* Mon Mar 06 2017
  - removed obsolete freeradius-server-fix-cert-bootstrap.patch
    because recent /etc/raddb/certs/bootstrap simply works
  - update to 3.0.13 (still FATE#322416)
    Feature improvements
    * Add dictionary.rfc7930.  Note that we do not implement
      the RFC.
    * Added 'cipher_server_preference' to mods-available/eap
      Patch from #1797.
    * OpenSSL 1.1.0 compatibility fixes.
    * rlm_perl: radiusd::xlat to evaluate xlat string
      within perl script
    * Allow authentication retry in winbind. Patch from
      Herwin Weststrate. See raddb/mods-available/mschap.
    * Added "recv-coa" method to rlm_rest.  It behaves the
      same as "authorize".
    * Document Trust Router tr_port option.  Patch from
      Stefan Paetow.
    * Update elasticsearch/logstash examples so that they work
      with elastic stack v5.  Patch from Matthew Newton.
    * Print information about packets, replies, and contents
      in the detail file reader.
    * Update abfab-tr policy.  Pull request #1893
      from Stefan Paetow.
    * Reject packets which contain User-Password and
    * Add example for filtering Access-Challenge.
      See sites-enabled/default.
    * Pull symlink fixes from v4.0.x.  Fixes #1859.
    * Add systemd reload.  Not everything is reloaded, but
      some is.  Fixes #1662.
    * Better documentation for listen "ipaddr".  Fixes #1921
    * Add dictionary.cnergee, updated dictionary.nomadix.
    * radclient no longer needs -x to print statistics with -s.
    Bug fixes
    * Minor typos.  Fixes #1763
    * Fix typo in RPM build.  Closes #1767.
    * rlm_mschap check for password expiry only
      if password was correct.  Fixes #1762.
    * Update debian build.
    * update rlm_counter "man" page.  Fixes #1775.
    * Remove erroneous assert.  Fixes #1778.
    * fix mschap password change test.  Fixes #1792.
    * Cleanup config file on data remove.  Fixes #1795.
    * passwd module returns "notfound" if not found.
    * Check for old OpenSSL, and don't build rlm_eap_fast
      if it necessary.  Fixes #1803
    * Cleanup memory better after ldap version query.
      Patch from Aleksey Katargin.
    * Rename lt_* functions to avoid linker issues with
      libtool.  Fixes #1277
    * Many miscellaneous fixes and typos.
    * Allow long strings in %{%{foo} bar:-%{baz} blah".
      Fixes #1866
    * Fix filtering operators, along with more documentation and
      more tests for them.
    * Fix OpenSSL fixes.  Fixes #1876.
    * Finish SQL select queries even when SELECT returns no rows.
      Fixes #1879.
    * Set Module-Failure-Message for more EAP errors.
    * Correct typo in dictionary.rfc5580.  Fixes #1882
    * Remove obselete systemd
    * Client-Port-Balance load-balancing now uses client port.
    * Radrelay examples fixed from Alex Clouter.
    * Update systemd target.  Pull request #1896.
    * Trim starting whitespace in xlat strings.
    * Get MySQL result lengths using normal API.
    * suid down after fchown().  Fixes #1914.
    * Fix cases of comparing pointer to NUL character.  Fixes #1915.
    * OpenSSL v1.1 fixes.  Pull request #1921.
    * Better Handle v4/v6 host names.  Pull request #1919.
    * Remove "Auth-Type = System" from docs and examples.
    * Don't crash on malformed %{home_server}.  Fixes #1922
    * fix erroneous use of talloc destructor in rlm_eap
    * Issue trigger  Fixes #1923
    * Document python_path gotcha's.  Fixes #1845
    * dlopen() the specific version of Python.  Fixes #1592
* Mon Feb 20 2017
  - Don't require insserv if we use systemd
  - Remove require for unused fillup
* Mon Jan 30 2017
  - Merge changes from SLE to openSUSE (FATE#322416):
    * freeradius-server-radclient-init-error-buffer.patch - make sure
      we initialize error buffer. bsc#911886: radclient error free()
      invalid pointer
    * freeradius-server-opensslversion.patch: remove OpenSSL version
      check and assume we know what we are doing. (bnc#1013311)
    * merge .changes file, mostly.
  - do not attempt to detect "vulnerable" OpenSSL versions. SUSE
    security fixes do not necessarily bump version numbers as
    does upstream OpenSSL (bnc#1021375)
  - do not generate certificates in %post. End-user needs to do this
  - keep FreeTDS disabled on SLE12 - we never shipped it enabled
  - require OpenSSL 1.0+
  - use pkgconfig(systemd) instead of plain systemd as BuildRequires
  - don't list manual pages as %doc
* Sun Jan 01 2017
  - Remove --with-pic which is for static libs only.
  - Use SUSE RPM group names. Trim filler words from description.
  - Do not hide errors from groupadd/useradd.
* Fri Nov 18 2016
  - Add upstream keyring
  - 2 new modules: rlm_sql_freetds and rlm_eap_fast
* Thu Sep 29 2016
  - update to 3.0.12 - still fate#320481
    The focus of this release is stability.
    * Feature improvements
      + Add support for =~ and !~ in update sections. See "man unlang"
      + Add dictionary.checkpoint.
      + Simultaneous-Use prints out more information.
      + Print WARNING in debug mode when packets may be truncated.
      + Added expansions %{home_server:state} and
      %{home_server_pool:state}, which show the state of the
      server / pool.
      + Mark rlm_sql_freetds as stable.
      + Make rlm_perl less fragile. Patch from Herwin Weststrate.
      + Allow extended attributes to have "encrypt=2"
      + Update dictionary.aruba.
      + Add support for EAP-FAST. This is an isolated feature which
      does not affect anything else.
      + Update OpenSSL vulnerability list. Use a version of OpenSSL
      released after September 20, 2016.
      + EAP certificate verification is now done when "verify" is
      enabled and "ocsp" is disabled.
      + New dhcpclient and rlm_rad_counter man pages.
      + Minor abfab and moonshot additions.
      + Pass CFLAGS through from environment in RPM builds. Allows
      more custom builds.
      + Build with Heimdal in addtion to libkrb5.
    * Bug Fixes
      + Use correct typedef for older versions of sqlite.
      + Update mssql schema to add priority
      + don't complain on /dev/urandom in ldap
      + fix == operator in update sections
      + Don't create DHCP strings with many trailing zeros.
      + Allow MS-CHAP change passwords instead of complaining on
      large buffer.
      + Allow assignment or equality operator on SQL.
      + Update aclocal tests for FreeBSD 10.
      + Remove occasional hang in rlm_linelog.
      + Copy VSAs to inner tunnel for TTLS and PEAP. Fixes #1544
      + A few minor bugfixes caught in v3.1.x cleanup, and
      back-ported to v3.0.x.
      + do_not_respond again works in post-proxy
      + Allow realm "~^.*$" {} and User-Name with no realm.
      + Fix leak when creating unknown attributes
      + Fix Debian / logrotate.
      + Make OpenSSL error functions thread-safe.
      + Fix crash with rlm_sql and updating SQL-User-Name.
      + Debian build updates.
      + Allow regular expression comparisons in radclient.
      + Fix memory leak on unknown attributes in detail file reader.
      + Update example paths in "man" pages when installing them
      + Build fixes for rlm_mschap. Fixes #1489.
      + BSD build fixes. Patch from issue #1583.
      + Be more careful about /lib/ when building. Fixes #1585.
      + Correct ifdef placement error. Fixes #1572.
      + Allow for more files in internal "exfile" API So it will be
      possible to open more than 64 "detail" files at the same
      + Remove support for statically built EAP modules. Fixes #1591.
      + Many fixes to rlm_python from Guillaume Pannatier.
      + Use correct week adjustment in SQLcounter. Fixes #1608
      + Minor fixes to allow compilation without DHCP, VMPS, or TCP.
      + Fix checks for module / config file change on HUP.
      + Compile regex comparisons when sent via "debug condition".
      + Update filenames in documentation and examples.
      + Don't crash if SQL connection becomes unavailable.
      + Disallow originate_coa when proxy_requests = no.
      + Free rad_perlconf_hv in correct perl context.
      + Multiple fixes for Debian builds. #1510, among others.
      + Set OpenSSL FIPS compatibility flag when necessary.
      + Pulled fixes for the build system over from other branches.
      + Fix OCSP for RADIUS over TLS.
      + Fix skip_if_ocsp_ok behavior.
      + Better fixes for systems without closefrom() but which have
      + Minor build fixes back-ported from v4.0.x.
      + build --whout-ascend-binary. Fixes #1761.
      + Be more aggressive about not opening new connections in
      debug mode after CTRL-C. Address #1604.
* Fri Sep 02 2016
  - use %{with} macro for conditional inclusions instead of hardcoding
    version numbers
  - improved package descriptions
  - fixed builds on SLE12 and SLE11SP4
* Mon Jan 25 2016
  - removed installation of experimental module
  - update to 3.0.11 (fate#320481, bsc#961479, CVE-2015-8763,
    bsc#935573, CVE-2015-4680)
    * Changes of version 3.0.11
      + Feature improvements
    - "unlang" comparisons of IP addresses to IP prefixes are now
      detected, and types automatically cast.
    - Allow shorthand form of ipv4prefix values e.g. 127/8.
    - Add "auto_chain" to raddb/mods-available/eap, tls subsection.
      This allows the disabling of OpenSSL auto-chaining of
      certificates. Which might be wrong.
    - Added printing of coa and disconnect stats (radmin).
    - radclient defaults to expecting Access-Accept responses to
    - Updated dictionary.lancom, dictionary.starent.
    - Portability fixes for Solaris.
    - More errors from ntlm_auth gets passed to MS-CHAP.
    - Update abfab-tr-idp virtual server.
    - Added "filter_password" in policy.d/filter. This removes
      embedded zero bytes in User-Password, for compatibility with
      broken clients.
    - The server now issues a WARNING message if duplicate
      configuration items are found.
    - TLS can skip the "verify" section if OCSP returns OK. See
      raddb/mods-available/eap, "skip_if_ocsp_ok".
    - Set TLS-OCSP-Cert-Valid = yes / no / skipped, which is the
      result from the OCSP check.
    - Interoperate with AD and "LmCompatibiltyLevel = 5", by
      always setting WBC_MSV1_0_ALLOW_MSVCHAPV2 for native winbind
      in rlm_mschap.
    - TTLS and PEAP now require "virtual_server" to be a real
    - Print WARNING when TTLS or PEAP identities are spoofed or
      not properly anonymized. See RFC 7542 for requirements.
    - Various rlm_python fixes from Herwin Weststrate.
    - Allow setting Response-Packet-Type in "Post-Proxy-Type Fail",
      which is useful when the home server does not respond.
    - elasticsearch updates from Matthew Newton
      + Bug Fixes
    - Fix issue where field nas_type would not be accessible via
      the %{client:} xlat, for clients loaded from SQL.
    - Fix compatiblity issues with OpenSSL 1.0.2. Ignore calls to
      msg_callback with 'pseudo' content types.
    - Data type "ipv4prefix" is parsed correctly.
    - Use correct talloc context in rlm_exec. Fixes #1338.
    - Complain in unlang if "else" is used with no previous "if"
      or "elsif".
    - Send accounting status packets to the accounting port.
      Fixes #1364.
    - Print out CFLAGS when doing "radiusd -Xxv"
    - Fixed bug with coa/acct stats value #1339. Based on patch
      from Jorge Pereira.
    - Fixes for LEAP proxying. Don't use LEAP!
    - Fix issue with "directory already exists" seen when doing
      "make install".
    - Fixed bug with radmin related to the option "stats detail
    - Complain if the detail file reader does not have permission
      to read the "" file. Fixes #1398
    - Fixed SoH. Attributes were not being copied to the virtual
    - Used a wrong list to global statistics in "stats".
    - Create EAP-PWD identity correctly. Prevents segfaults.
    - Dynamically validate authentication types for PEAP and
    - Fix includes in installed headers.
    - OpenSSL 1.0.1f and 1.0.1g do NOT calculate TLS 1.2 keys
      correctly. See raddb/mods-available/eap, "disable_tlsv1_2"
    - Allow password change to work for MS-CHAP. This requires
      'r=0', because password changes are not retries.
    - Fix home server fail-over for home servers using TCP and/or
    - Special characters in expanded regexes are now escaped e.g.
      User-Name containing '.', and comparing /%{User-Name}/, the
      '.' will now be escaped. See src/tests/keywords/regex-escape.
    - Use correct authentication vector when sending Access-Reject
      replies for RadSec.
    - Set FreeRADIUS-Proxied-To in TTLS again. You should use the
      "inner-tunnel" virtual server, instead of relying on this
    - Fix debugging constants in rlm_perl. Patch from Herwin
    - Add samba-dev / samba4-dev to debian builds so that
      rlm_mschap can automatically use the new winbind API.
    - Automatically skip zero-length attributes when sending
      packets, instead of erroring out.
* Mon Oct 26 2015
  - fix bsc#951404
    * Rebuild of freeradius-server package fails
    * fix source url
* Mon Oct 05 2015
  - update to 3.0.10
    * Changes of version 3.0.10
      + Feature improvements
    - Do more optimization of unlang policies. This makes run-time
      a bit faster.
    - Re-name most of the functions in src/lib. Third-party module
      authors will have to do the same.
    - More documentation on contributing and how to write modules.
    - Update radiusd.service for systemd.
    - Open IPv6 proxy socket if the server is listening on IPV6
      auth / acct / coa packets.
    - Create debian packages for DHCP. Fixes #1125.
    - Add more tests for "update" section parsing.
    - Update "man" pages.
    - Update attributes for Alcatel 7750
    - Add dictionary for Boingo Wi-Fi
    - Add support for DHCP lease queries.
      See raddb/sites-available/dhcp
    - On HUP, check all modules for config files which have
      changed. And only re-load those modules.
    - Allow FreeRADIUS-Response-Delay(-USec) to be set for RADIUS
      packets. Patch from Herwin Weststrate.
    - Documentation fixes from Alan Buxey and Matthew Newton.
    - Update "logrotate" script.
    - Added more RFCs to doc/rfc for new standards implemented by
    - Don't crash when doing "radmin -e "help hup". Patch from
      Matthew Newton.
    - The dictionary parser now does more sanity checks, which
      prevents run-time problems with invalid attributes.
    - Update debian packages. Patches from Christopher Hoskin.
    - Many other debian packaging fixes from Matthew Netwon and
      Herwin Weststrate.
    - Add "session-state" to Perl. Patch from Herwin Weststrate.
      + Bug Fixes
    - Fix rlm_files so that there are no collisions when loading
      10's of 1000's of users.
    - Fix radclient to use our internal v4/v6 parsing functions.
      v6 addresses with ports now work correctly.
    - Fix sending/receiving packet messages to wrap v6 addresses
      in square brackets '[]'.
    - Check for sasl/sasl.h when building rlm_ldap, and disable
      SASL functionality if unavailable.
    - Fix issue which caused a non \0 terminated buffer to be
      assigned to attributes if the value being assigned contained
      an invalid escape sequence.
    - Fix deadlock when reconnecting connections in the connection
    - Fix potential overrun in functions that used fr_utf8_char
      with a non nul terminated buffer.
    - Fix decoding issue for Tunnel-Password type attributes which
      were very long. Found by Denis Andzakovic.
    - Fix radclient issue with TCP sockets on FreeBSD.
    - The server now creates ${run_dir} and ${logdir} directories
      in daemon mode, when running as "root".
    - Handle tags when using maps. Fixes #1191.
    - Fix crash when CoA packets time out.
    - Fix parse error in rediswho
    - Fix regex support in SQL radcheck the "users" file and
    - Register listen xlat earlier, so that it's available when
      the virtual servers are being parsed.
    - Parse Ascend-Data-Filter when given as "0x..."
    - Print Ascend-Data-Filter correctly. Add test cases for both.
    - Allow old-style clients again. They will be disallowed for
      3.1.0 and following.
    - Complain instead of crash when "else" and "elsif" are in the
      wrong place.
    - Clean up memory more aggressively. This lowers the maximum
      memory used, most typically for TLS based EAP methods.
    - Prevent the server from unlinking the control socket of an
      already running instance.
    - Fallback to using the configured OCSP URL if one exists, and
      no URL is provided in the certificate.
    - Return CoA-NAK if proxying CoA fails. Based on patch from
      Jorge Pereira.
    - Lower peak memory usage by decreasing size of internal
      memory pools.
    - The control socket is now left in place if a second copy of
      the server is accidentally started.
    - Allow virtual attributes in "switch", "case", etc. Fixes
      [#1240] and #1265.
    - Many spell check / typo fixes in comments and example
      configuration files.
    - Better handle multiple DHCP listeners.
    - Don't print secrets for old-style realms. Fixes #1267.
    - Don't fall through in empty "case" statements. Fixes #1274.
    - Update EAP-TTLS so that MPPE keys are correctly calculated
      with TLSv1.2.
    - Always delete MS-MPPE-* from the TTLS inner tunnel. This
      allows TTLS / EAP-MSCHAPv2 to work. Fixes #1206.
    - Fix off by one error that caused some MSCHAP-Error messages
      to be sent without the password change version (V=3) and the
      textual message component (M=).
    - Always include C= V= and M= in MSCHAPv2 errors. RFC 2759
      does not say that any of these fields are optional, and not
      including V= caused errors with wpa_supplicant.
    - Do not include M= in MSCHAPv1 errors. It's not supported.
* Fri Aug 07 2015
  - Fix boo#912714: freeradius can't use ntlm_auth
    * Create winbind group
    * Add radiusd to winbind group
* Tue Aug 04 2015
  - Remove gpg signature file
    * The gpg signature checking is broken and doesn't work
* Tue Aug 04 2015
  - Fix bsc#935573: Insufficent CRL application for intermediate certificates
    * CVE-2015-4680
    * freeradius-server-CVE-2015-4680.patch based on
* Wed Jul 08 2015
  - update to 3.0.9
    * Changes of version 3.0.9
      + Feature improvements
    - Make "pool" configurations more consistent, and update
      documentation for them.
    - Move connection pool logic to "most recently started",
      instead of MRU. This should help with pool stability.
    - More VSAs for 3GPP2
    - Added examples of multi-value attributes to rlm_perl.
    - LDAP-Group and SQL-Group attributes are now dynamically
    - Only the "sql" module registers SQL-Group. Other instances
      register "instance-name-SQL-Group", similarly to "ldap".
    - Unknown attributes are now complained about more often when
      used in unlang statements. e.g. if (Foo-Bar == 3) used to be
      a string to string comparison. It is now a parse error.
    - Rename RLM_COMPONENT_* to MOD_* in the code. This makes many
      things easier.
    - Move to C99 initializers for modules.
    - Load modules in raddb/mods-enabled. This allows attributes
      like "LDAP-Group" to be used in the "files" module, without
      explicit ordering or listing in "instantiate".
    - Added 'bootstrap' section to modules. Third-party modules
      will need to be updated.
    - When adding clients from a DB, add them to a virtual server
      if that virtual server has a "listen" section. Otherwise,
      add the clients to the global list.
    - When reading dynamic clients from a file, don't expire them
      if the underlying file is unchanged.
    - Allow the server to originate CoA requests from the
      post-auth stage.
    - The server creates ${run_dir} and ${logdir} in daemon mode,
      if they do not already exist.
    - Add dictionary for Wi-Fi Alliance Hotspot 2.0. The server
      now supports all mandatory and optional attributes for this
    - HUP now re-loads the configuration only if the files have
      changed. If all files are unchanged, HUP re-opens the log
      file, and does nothing else.
    - Much better debug messages for EAP-TLS, including which
      attributes are cached, and when they are retrieved.
    - Increase default max_requests to 16384. Memory is cheap now.
    - Added "stats memory" commands to radmin. Debug build only.
    - Aptilo controller dictionary updates.
    - SQL modules now use Acct-Unique-Session-Id everywhere.
    - The redis modules are now stable.
    - The LDAP module now supports SASL "interactive bind" method.
      This allows Kerberos based administrator and user binds.
    - DHCP code is now in libfreeradius-dhcp.
    - More DHCP encoding / decoding unit tests.
    - rlm_replicate can now be listed in the "accounting" section.
    - Better sqlite debugging output.
    - Remove "required" option from many sql_ippool directives.
    - Set default CA "basic constraints" to "critical". Fixes #1073
    - Updates to help / man pages from Jorge Pereira.
    - Added more tests.
      + Bug Fixes
    - Be more careful about unused config item warnings when
      using -Xx.
    - Move more defines to be auto-generated.
    - Allow virtual servers in proxy fallback.
    - Allow %{module:} to work.
    - Don't crash in RadSec. Closes #980.
    - Return better errors when a unix group / user is not found.
    - Re-enable detail module "locking" parameter.
    - Don't crash when logging replies from Status-Server packets.
    - The couchbase module now uses "update" instead of "map", for
      consistent with the rest of the server.
      See raddb/mods-available/couchbase
    - Don't require NT-Password for MS-CHAP password changes.
    - Be a bit more careful about decrypting MS-CHAP-MPPE-Key
      attributes. Closes #1013. There is no perfect fix, tho.
    - Fix security issues with EAP-PWD.
    - Fix dynamic clients read from SQL in non-debug mode
    - MS-CHAP now allows retries (i.e. password change) when
      passwords are expired.
    - Allow "user=radiusd" when the server is already user
    - suid up/down works on non-Linux systems. This means that the
      control socket should have the correct ownership.
    - Fix issue which caused the server to sometimes have problems
      when a home server was marked zombie.
    - Fix because Perl is now more picky.
    - Fix proxy to Packet-Dst-IP-Address, so that it uses the
      correct destination port.
    - Fix corner case with cursor functions and removal.
    - OpenDirectory fixes and documentation.
    - Fix leaks in rlm_redis.
    - RFC 6929 "evs" attributes are now encoded / decoded properly.
    - Fix talloc pool leaks when receiving malformed or
      retransmitted Accounting/CoA requests.
    - Printed attributes again use double quotes instead of single
    - Set X509_V_FLAG_CRL_CHECK_ALL, and add "check_all_crl" to
      eap.conf. Fixes oCert CVE-2015-4680.
    - rlm_expr now errors out correctly on malformed attribute
      references instead of triggering an assert.
    - Make "break" work in "foreach" loops
    - Allow dynamic expansions to work again in the "hints" file.
    - Correct minor typos in comments and examples from Alan Buxy.
    - Re-urlencode the path portion of ldapi:// urls before
      passing it to ldap_initialise.
  - freeradius-server-rlm_sql_unixodbc-configure.patch removes
    hard-coded directory in configure script of rlm_sql_unixodbc
  - install new module
* Thu Apr 23 2015
  - minor adjustments/cleanup of spec and changes
* Wed Apr 22 2015
  - update to 3.0.8
    * Changes of version 3.0.8
      + Feature improvements
    - Allow syslog_severity to be set in rlm_linelog.
    - Allow defaults to be set for bulk clients in LDAP and
    - Updates to dhcpclient. Patches from Nicolas C.
    - rlm_mschap now supports direct connections to winbind,
      which is faster than ntlm_auth.
      See raddb/mods-available/mschap. Patch from Matthew Newton.
    - Recommend /dev/urandom for TLS randomness, instead of
    - Allow TLSv1 to be disabled via "disable_tlsv1" in tls{}.
    - Allow Expanded EAP types where vendor is 0 (IETF) and type
      is normal EAP type. Supplicants sending Expanded EAP types
      like this are broken.
    - Add support for server side sort controls when searching
      for user objects in rlm_ldap.
      + Bug Fixes
    - Don't complain about "authorize" in "server {}" blocks, but
      only if there's no "server" block.
    - Fix cosmetic issue where debug from the first packet read by
      a detail reader thread would be emited during config parsing.
    - Fix ASSERT on truncated detail packets.
    - Don't use main server log functions from within panic_action,
      as in the case of syslog this would cause deadlocks if the
      fault was triggered from within a malloc.
    - Fix issue in "switch" when "correct_escapes = false".
      Fixes #911.
    - Fix sqlcounter configuration to use "%%b" instead of "%b",
      otherwise the new syntax validation will fail.
    - Allow forward references in configuration items. Modules
      aren't always loaded in a sane order.
    - Fix more escaping issues. Closes #912.
    - Decode MAC addresses correctly for VMPS.
    - Fix memory leak with TLS connections.
    - Fix state machine threading issues for conflicting packets.
    - Fix copy_request_to_tunnel issues for tagged attributes.
    - Allow "ok" to over-ride "updated" inside of Auth-Type
    - Update state machine so that post-proxy is run though child
      threads for performance, instead of blocking the main thread.
    - Allow "netmask" to work again in client definitions.
    - Relax restrictions on SQL group queries.
    - track outgoing proxy sockets and clean them up more
    - track proxy statistics, including CoA and Disconnect.
    - If radmin has a connection failure when running a command,
      it re-connects and runs the command again.
    - mark home servers "unknown" less aggressively.
    - Fix potential SEGV in PostgreSQL driver on error.
    - Fix issue where fields like nas_type would not be
      accessible via the %{client:} xlat, for dynamic clients.
    - Set default busy_timeout (of 200ms) in the sqlite driver, so
      writes don't cause selects to fail in multithreaded mode.
      This is user configurable, and may be increased if required.
    - Convert Password-With-Header attributes to binary (from hex
      or base64), in the authorize method of rlm_pap.
    - Fix invalid assert in state.c, that could cause abort in
    - Fix double free when -m flag is used, and connection pools
      are referenced by multiple modules.
    - RADIUS over TLS accounting uses the same port as
    - Regularized return codes from radmin commands.
    - Fix RHEL spec file so it works correctly for Centos7 which
      uses systemd, and didn't like the SystemV init script.
    - radwho and radlast now have a -D option to load dictionaries
    - DHCP packets are no longer checked for duplicates.
    - Don't crash in sql module group comparisons in corner case.
    - Calculate MPPE keys correctly when using TLS 1.2.
    - Fix load-balance sections. Closes #945
    - TLS certificates are available again in the post-auth
      section. They are not available for session resumption.
    - radclient encodes CHAP-Password properly when using -c
      Closes #955.
    - Fix issue in rlm_cache_memcached driver that caused variable
      length values to be truncated.
    - Fix track functionality in detail reader, so it no longer
      fails with a "Failed marking detail request as done: Bad
      file descriptor" error.
    - Actually add the peer identity (as User-Name) to the inner
      tunnel in EAP-PWD requests, so it's available for lookups.
    - Fixes to PostgreSQL queries. Patches from Santiago Gimeno.
  - new set of consolidated patch files:
    * freeradius-server-2.1.1-logrotate_su.patch
    * freeradius-server-2.1.6-rcradiusd.patch
    * freeradius-server-initscript-pidfile.patch
    * freeradius-server-radius-reload-logrotate.patch
    * freeradius-server-var_run.patch
    * freeradius-server-radiusd-logrotate.patch
    * freeradius-server-rcradiusd.patch
    * freeradius-server-tmpfiles.patch
* Wed Jan 14 2015
  - Do not disable as-needed build
  - Remove the with_sysconfig switch and just stick with versions
* Tue Jan 13 2015
  - update to 3.0.6
    - fixes a segmentation fault in PEAP module (bnc#912588)
    Feature improvements:
    * radmin / raddebug conditional errors are printed to the output, instead of being discarded.
    * raddebug will exit if condition set with -c was invalid.
    * radmin auto-reconnects if the connection to the server has gone away.
    * rlm_cache now has submodule support. See raddb/mods-available/cache
    * New memcached driver for rlm_cache. See raddb/mods-available/cache
    * Add support for &Attribute-Name[*] in conditions. See "man unlang" for details.
    * Add &Attribute-Name[n] which gets the last instance of an attribute e.g. Module-Failure-Message[n].
    * Allow for redundant string expansions. See the "instantiate" section of radiusd.conf.
    * When checking IP addresses in conditions, make the right side be parsed as an IP prefix.
    * Support JIT compilation of compiled regular expressions when built with libpcre.
    * Support named capture groups with "%{regex:<name>}" when built with libpcre.
    * Increase regular expression capture groups from 8 to 32.
    * Emit error markers for badly formed regular expressions.
    * Allow 'm' flag to enable multiline mode in regular expressions.
    * Support limited implicit attribute conversion in update sections.
    * Support casting between IPv6 and IPv4 where the IPv6 address has the v4/v6 mapping prefix (::ffff:).
* Mon Dec 22 2014
  - Drop .keyring and .sig file: freeradius-server still uses MD5
    signatures, which are no longer validated/accepted by GPG 2.1.
* Wed Dec 03 2014
  - update to 3.0.5
    Some of the new features:
    * Allow LDAP to specify arbitrary attributes for dynamic
    * Allow one level of backslashes (finally).  See radiusd.conf,
      "correct_escapes" setting.
    * When supported by OpenSSL, allow TLS 1.1 and TLS 1.2
      in EAP methods.
    * Allow multiple new connections to be spawned simultaneously
      in the connection pool, to cope with spikes in traffic.
    * Use kqueue on systems which support it.  This allows for
      better scaling when using many sockets.
    * Home server "response_window" can now take fractions of a
      second.  See proxy.conf.
    * radmin now supports "show module status", as thee counterpart
      to "set module status"
    * "ipaddr" will now use v6 if no v4 address is present.  You should
      use "ipv4addr" or "ipv6addr" to force v4/v6 addresses.
    * "client" sections will allow "ipaddr = 192.192.0/24".  The old
      "netmask" is still accepted, but the new format is preferred.
    * Allow custom HTTP headers to be set for rlm_rest requests using
      control:REST-HTTP-Header (attributes consumed after use).
    * Extend format of %{rest:} expansion to allow HTTP method and POST
      data to be specified
      and urlquoting.
    * Add support for aliases in rlm_ldap.
    * Add support for connection pool sharing to all modules that use
      the connection pool (pool = <instance>).
    * "tls" sections now have a "psk_query" configuration item, for dynamic
      queries to discover a key from a PSK identity.
    * Preliminary support for EAP channel bindings.
    * Foundational work for dynamic home servers.  They do not yet work,
      but this is now only a matter of updating the "realm" module in
      a future release.
    * Support &attr[*] syntax to copy all instances of an attribute when
      used with the += operator in an update section. May be qualified with
      a tag.
    * The logintime and expiration modules can now be listed in the
      post-auth section.  This makes some configurations simpler.
    * rlm_sqlippool is now IPV6 capable.  Set "ipv6 = yes" to get
      Framed-IPv6-Prefix returned.  The SQL queries have NOT been updated.
      Please submit patches.
    and numerous; bugfixes
  - remove gpg-offline
  - create /run/radiusd after install
  - drop freeradius-server-opensslversion.patch (upstream)
* Mon Dec 01 2014
  - freeradius-server-opensslversion.patch: do not check the minor
    version of openssl, minor versions are supposed to be compatible.
* Sun Aug 03 2014
  - added patch to changelog to fix factory-auto failure (Req #242825)
* Mon Jul 28 2014
  - fixed SUSE spelling in a filename (bnc#889034)
    * don't install suse/README.SuSE
  - remove old tarball and signature file
* Tue Jul 22 2014
  - spec run through spec-cleaner
  - don't install files to /var/run
* Fri May 16 2014
  - update to 3.0.3
    Many bugfixes
    Feature improvements
    * Everything now builds with no warnings from the C compiler,
    clang static analyzer, or cppcheck.
    * rlm_ldap now supports defining the LDAP attribute name via
    backticked expansion (i.e. shell command) in
    RADIUS <-> LDAP mappings.
    * rlm_ldap now supports older style generic attributes.
    * dynamic expansions (e.g. "%{expr:1 + 2}" are now parsed
    when the server starts.  Syntax errors in the strings
    are caught, and a descriptive error is printed.
    * Static regular expressions (e.g. /a*b/) are now parsed
    when the server starts.  Syntax errors in the strings
    are caught, and a descriptive error is printed.
    * dynamic expansions are cached after being parsed.  They are
    no longer re-parsed at run-time for every request.
    * regular expressions are now parsed and cached when the server
    * Added the %{rest:} expansion to rlm_rest, which will send
    a GET request to the URL passed as the format string.
    Any body text will be written to the expansion buffer.
    * rlm_rest now available as a debian package.
    * When an 'if' condition statically evaluates to true/false,
    unlang does more static optimization.  For examples, see
    * All modules are marked as safe for '-C', which lets the
    dynamic expansion checks work in more situations.
    * Added 'none' and 'custom' rlm_rest body types. 'custom'
    allows sending of arbitrary expanded text and content-type
    * Added "config" section to Perl.  See mods-available/perl
    * Added '%v' which expands to the server version - Patch
    from Alan Buxey.
    * more mis-matched casts are caught in "if" conditions,
    and descriptive errors are printed.
    * Support basic response validation in radclient. This allows
    administrators to write local test cases for their
    site-specific configurations.
    * Removed radconf2xml and radmin "show client config" and
    "show home_server config".
    * Forbid running with vulnerable versions of OpenSSL.
    See "allow_vulnerable_openssl" in the "security"
    subsection of "radiusd.conf"
    * Catch underlying "heartbleed" problem, so that nothing bad
    happens even when using a vulnerable version of OpenSSL.
    * Add locking API for sql_null, linelog, and detail modules,
    which should improve performance and work around issues
    on platforms with bad file locking.
    * Allow DHCP NAKs to be delayed, via setting
    reply:FreeRADIUS-Response-Delay = 1
    * Allow tag and array references anywhere attributes
    are allowed in "unlang".
    * many enhancements to radsniff, including output
    to collectd, ipv6 support and packet loss statistics.
    * Many dictionary updates (ZTE, Brocade, Motorola).
    * rlm_yubikey now automatically splits passwords from OTP
    * The detail file reader is now threaded by default.
    This should improve performance reading the files.
  - dropped freeradius-server-CVE-2014-2015.patch (upstream)
* Fri Feb 28 2014
  - fix for CVE-2014-2015 (bnc#864576)
    * denial of service in rlm_pap hash processing
    * added freeradius-server-CVE-2014-2015.patch
* Wed Jan 29 2014
  - remove the old 3.0.0 sources
* Sat Jan 25 2014
  - update to 3.0.1
      Feature improvements
    * Add "timeout" to exec, and "ntlm_auth_timeout" to mschap.
      So that run-away child processes are caught earlier.
    * Allow TLS clients to use "proto = tls", in which case
      TLS is required.  The shared secret is then set to "radsec".
    * More documentation in the tls virtual server.
    * Add "date" module for date formatting.
      See raddb/mods-available/date.
    * Added unit test suite for internal server functionality
    * When loading "update" sections, check if the RHS is a literal
      value.  If so, syntax check it immediately.
    * Update LDAP module documentation and functionality.
      The generic attribute can now update lists.
    * Updated dictionary.extreme.
    * Update sqlippool to do clears as a separate transaction,
      and at most once per second.  This should help MySQL.
    * Respect control:Response-Packet-Type for all types of
    * Add support for SSL encryption to the MySQL driver.
    * Allow arbitrary connection parameters to be used with the
      PostgreSQL driver.
    * Changes to the OpenLDAP schema to fully expose functionality
      of the new LDAP module.
    * Update debian packaging to include a freeradius-config
      package. This package may be provided as a site local
      package to avoid fighting with the preinstalled config
      Bug fixes
    * Use correct field for ARP setting in DHCP.
    * Fix crash on debug condition (#454).
    * Fix a number of minor issues caught by the clang
    * Set WARNING messages to yellow instead of normal text.
    * Correct debug colorise logic.  Patch from Phil Mayers.
    * Encode attributes of type "ethernet".  No one uses them,
      but it makes sense.
    * Work around regex initialization issues.
    * Fix build when linking against OpenSSL.
    * Print IDs as positive numbers, which helps for large DHCP
    * Fix issue with sql_ippool.
    * sqlcounter now uses 64-bit counters, to deal with 4G overflow.
    * Fix issues with DHCP subsystem.
    * Don't build / install disabled modules, or their config
    * Fix build for OSX Mavericks, which hid the header files
      in a magical place.
    * Fix LEAP buffer issue.  You should still avoid LEAP.
    * Mark "unknown" WiMAX attributes as being WiMAX.
    * Fix typo in packet decoder for fragmented extended attrs
    * RPM spec fixes.
    * Fix rlm_perl build issues when not using threads.
    * Enable %{Response-Packet-Type} again.
    * Update configuration file parser to handle "bool"
    * Update declarations of global boolean variables to use
      "bool" consistently. This fixes an issue where some
      modules were instantiated in "config check" mode and
      did not work correctly.
    * Make more messages debug instead of info, to avoid
      polluting the logs with messages that can't be fixed.
    * Set operator in internal unlang code to suppress spurious
      warning messages.
    * Fix debian packaging.
    * Added "status" to Debian init script.
    * Fix "update outer.request" to update the outer request.
    * Don't print TLS debugging messages when not in debug mode.
    * Correctly manage counters for "limit" sections of TCP / TLS
      "listen" sockets.
    * Fix libldap debug output.
    * Fix rlm_ldap tls functionality.
    * Initialise OpenSSL globals early to avoid issues with the
      PostgreSQL library.
    * Fix typo in sqlcounter expansion code.  Fixes #463
    * Overwrite previous instances of SQL-User-Name when adding
      it to the request.
    * Work around bugs in both MIT and heimdal versions of
      krb5_copy_context(), which caused segfaults in
      multithreaded mode.
    * Provide meaningful error messages if Heimdal krb5 is used.
    * Fix attribute supression in rlm_detail.
    * Exit with error code if child fails to complete server
      initialisation after forking.  This allows init scripts to
      correctly report whether the server started ok.
* Mon Oct 21 2013
  - don't build with experimental modules
  - fix packaging bugs:
    * install init scripts only on <= 11.4
    * install systemd unit
    * add %defattr for submodules
* Tue Oct 15 2013
  - update to 3.0.0
    * new feature release
    * see /usr/share/doc/packages/freeradius-server/ChangeLog
      for complete list of changes in this release
    * documentation for upgrading from 2.x is in /etc/raddb/README.rst
  - drop oracle support (wasn't built anyway)
  - dropped patches (obsolete):
    * freeradius-server-2.1.6-codecleanup.patch
    * freeradius-server-2.1.6-dialup_admin.patch
    * freeradius-server-2.1.1-edirectory.patch
  - added systemd service unit
    * radiusd.service
  - added systemd-tmpfile for /var/run/radiusd
    * freeradius-tmpfiles.conf
  - added gpg-offline verification
    * freeradius-server.keyring
* Thu Sep 05 2013
  - add libperl_requires, as we link against libperl and thus
    need a specific version of perl
* Thu Mar 14 2013
  - fixed a bug in the logrotate script (bnc#797292)
* Mon Oct 01 2012
  - files in sites-available/ are now %config(noreplace) [bnc#781756]
* Mon Sep 10 2012
  - update to 2.2.0
    - see /usr/share/doc/packages/freeradius-server/ChangeLog
      for complete list of changes in this release
    - fixes CVE-2012-3547 (bnc#777834)
    - dropped freeradius-server-2.1.6-overflow.patch (upstream)
    - dropped freeradius-server-sha1-default.patch (upstream)
    - refreshed freeradius-server-fix-cert-bootstrap.patch
* Mon May 28 2012
  - Use the new 'su' logrotate option (bnc#677335)
* Mon May 14 2012
  - Enable the same CFLAGS as for other hardware
* Wed Oct 19 2011
  - update to 2.1.12
      Feature improvements
    * Updates to dictionary.erx, dictionary.siemens, dictionary.starent,
    dictionary.starent.vsa1, dictionary.zyxel, added dictionary.symbol
    * Added support for PCRE from Phil Mayers
    * Configurable file permission in rlm_linelog
    * Added "relaxed" option to rlm_attr_filter.  This copies attributes
    if at least one match occurred.
    * Added documentation on dynamic clients.
    See raddb/modules/dynamic_clients.
    * Added support for elliptical curve cryptography.
    See ecdh_curve in raddb/eap.conf.
    * Added support for 802.1X MIBs in checkrad
    * Added support for %{rand:...}, which generates a uniformly
    distributed number between 0 and the number you specify.
    * Created "man" pages for all installed commands, and documented
    options for all commands.  Patch from John Dennis.
    * Allow radsniff to decode encrypted VSAs and CoA packets.
    Patch from Bjorn Mork.
    * Always send Message-Authenticator in radtest. Patch from John Dennis.
    radclient continues to be more flexible.
    * Updated Oracle schema and queries
    * Added SecurID module.  See src/modules/rlm_securid/README
      Bug fixes
    * Fix memory leak in rlm_detail
    * Fix "failed to insert event"
    * Allow virtual servers to be reloaded on HUP.
    It no longer complains about duplicate virtual servers.
    * Fix %{string:...} expansion
    * Fix "server closed socket" loop in radmin
    * Set ownership of control socket when starting up
    * Always allow root to connect to control socket, even if
    "uid" is set.  They're root.  They can already do anything.
    * Save all attributes in Access-Accept when proxying inner-tunnel
    * Fixes for DHCP relaying.
    * Check certificate validity when using OCSP.
    * Updated Oracle "configure" script
    * Fixed typos in dictionary.alvarion
    * WARNING on potential proxy loop.
    * Be more aggressive about clearing old requests from the
    internal queue
    * Don't open network sockets when using -C
  - freeradius-server-snprintf-overflow.patch merged in upstream
* Tue Sep 27 2011
  - fixed interaction with eDirectory (bnc#720620)
* Fri Jun 24 2011
  - update to 2.1.11
    - see /usr/share/doc/packages/freeradius-server/ChangeLog
      for complete list of changes in this release
  - add freeradius-server-snprintf-overflow.patch
  - use spec-cleaner
* Tue May 24 2011
  - Supress timestamps in binaries, breaks build-compare.
* Mon Oct 04 2010
  - update to 2.1.10
    - see /usr/share/doc/packages/freeradius-server/ChangeLog
      for complete list of changes in this release
  - drop freeradius-server-2.1.6-edir-64bit.patch (fixed upstream)
* Thu Sep 16 2010
  - radiusd reload after logrotate [bnc#634445]
* Mon Jun 21 2010
  - update to 2.1.9 (bnc#615699)
    - bugfix release, for list of changes please see
* Mon May 03 2010
  - add freeradius-server-initscript-pidfile.patch
    - handle /var/run on tmpfs
* Sun Mar 21 2010
  - specfile cleanup
* Thu Mar 11 2010
  - drop freeradius-server-2.1.6-ltdl.patch - not needed anymore
  - clean up specfile
  - remove bind-libs, zlib-devel from BuildRequires - not needed
* Tue Mar 09 2010
  - update to 2.1.8
    - for full list of changes, please see
  - drop freeradius-server-no-default-case.patch: fixed upstream
* Thu Dec 17 2009
  - update to 2.1.7
    - for full list of changes, please see
* Thu Oct 22 2009
  - freeradius-server-no-default-case.patch (bnc#527742)
* Thu Oct 15 2009
  - freeradius-server-sha1-default.patch (bnc#546042)
  - freeradius-server-fix-cert-bootstrap.patch (bnc#546041)
* Fri Jun 19 2009
  - disable as-needed for this package as it fails to build with it
* Tue Jun 02 2009
  - updated to 2.1.6
    o Feature improvements
    * radclient exits with 0 on successful (accept / ack), and 1
    otherwise (no response / reject)
    * Added support for %{sql:UPDATE ..}, and insert/delete
    Patch from Arran Cudbard-Bell
    * Added sample "do not respond" policy.  See raddb/policy.conf
    and raddb/sites-available/do_not_respond
    * Cleanups to Suse spec file from Norbert Wegener
    * New VSAs for Juniper from Bjorn Mork
    * Include more RFC dictionaries in the default install
    * More documentation for the WiMAX module
    * Added "chase_referrals" and "rebind" configuration to rlm_ldap.
    This helps with Active Directory.  See raddb/modules/ldap
    * Don't load pre/post-proxy if proxying is disabled.
    * Added %{md5:...}, which returns MD5 hash in hex.
    * Added configurable "retry_interval" and "poll_interval"
    for "detail" listeners.
    * Added "delete_mppe_keys" configuration option to rlm_wimax.
    Apparently some WiMAX clients misbehave when they see those keys.
    * Added experimental rlm_ruby from
    * Add Tunnel attributes to ldap.attrmap
    * Enable virtual servers to be reloaded on HUP.  For now, only
    the "authorize", "authenticate", etc. processing sections are
    reloaded.  Clients and "listen" sections are NOT reloaded.
    * Updated "radwatch" script to be more robust.  See scripts/radwatch
    * Added certificate compatibility notes in raddb/certs/README,
    for compatibility with different operating systems. (i.e. Windows)
    o Bug fixes
    * Minor changes to allow building without VQP.
    * Minor fixes from John Center
    * Fixed raddebug example
    * Don't crash when deleting attributes via unlang
    * Be friendlier to very fast clients
    * Updated the "detail" listener so that it only polls once,
    and not many times in a row, leaking memory each time...
    * Update comparison for Packet-Src-IP-Address (etc.) so that
    the operators other than '==' work.
    * Did autoconf magic to work around weird libtool bug
    * Make rlm_perl keep tags for tagged attributes in more situations
    * Update UID checking for radmin
    * Added "include_length" field for TTLS.  It's needed for RFC
    compliance, but not (apparently) for interoperability.
    - FreeRADIUS 2.1.5
    * Release number skipped due to procedural issues.
    - FreeRADIUS 2.1.4
    o	Feature improvements
    * Permit multiple "-e" in radmin.
    * Add support for originating CoA-Request and Disconnect-Request.
    See raddb/sites-available/originate-coa.
    * Added "lifetime" and "max_queries" to raddb/sql.conf.
    This helps address the problem of hung SQL sockets.
    * Allow packets to be injected via radmin.  See "inject help"
    in radmin.
    * Answer VMPS reconfirmation request.  Patch from Hermann Lauer.
    * Sample logrotate script in scripts/logrotate.freeradius
    * Add configurable poll interval for "detail" listeners
    * New "raddebug" command.  This prints debugging information from
    a running server.  See "man raddebug.
    * Add "require_message_authenticator" configuration to home_server
    configuration.  This makes the server add Message-Authenticator
    to all outgoing Access-Request packets.
    * Added smsotp module, as contributed by Siemens.
    * Enabled the administration socket in the default install.
    See raddb/sites-available/control-socket, and "man radmin"
    * Handle duplicate clients, such as with replicated or
    load-balanced SQL servers and "readclients = yes"
    o Bug fixes
    * Clean up control sockets when they are closed, so that we don't
    leak memory.
    * Define SUN_LEN for systems that don't have it.
    * Correct some boundary conditions in the conditional checker ("if")
    in "unlang".  Bug noted by Arran Cudbard-Bell.
    * Work around minor building issues in gmake.  This should only
    have affected developers.
    * Change how we manage unprivileged user/group, so that we do not
    create control sockets owned by root.
    * Fixed more minor issues found by Coverity.
    * Allow raddb/certs/bootstrap to run when there is no "make"
    command installed.
    * In radiusd.conf, run_dir depends on the name of the program,
    and isn't hard-coded to "..../radiusd"
    * Check for EOF in more places in the "detail" file reader.
    * Added Freeswitch dictionary.
    * Chop ethernet frames in VMPS, rather than droppping packets.
    * Fix EAP-TLS bug.  Patch from Arnaud Ebalard
    * Don't lose string for regex-compares in the "users" file.
    * Expose more functions in rlm_sql to rlm_sqlippool, which
    helps on systems where RTLD_GLOBAL is off.
    * Fix typos in MySQL schemas for ippools.
    * Remove macro that was causing build issues on some platforms.
    * Fixed issues with dead home servers.  Bug noted by Chris Moules.
    * Fixed "access after free" with some dynamic clients.
* Thu Mar 26 2009
  - do not ship static modules



Generated by rpm2html 1.8.1

Fabrice Bellet, Sat Apr 9 10:47:22 2022